author | David Flatz | 2019-10-28 16:48:03 +0100 |
---|---|---|
committer | David Flatz | 2019-10-28 16:48:03 +0100 |
commit | 0ae61813817c38450bb7b03ca27cfa569ede35c8 (patch) | |
tree | 512f4e96d34bede849c7928db1f067e0a70c5f91 | |
parent | 55597357c715484494bc7ef58ee36a6d0e5b63f6 (diff) | |
escape attachment name since that string is user-provided and might contain non-ascii characters
-rw-r--r-- | it_mail.class | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/it_mail.class b/it_mail.class
index 4033c06..3e56a08 100644
--- a/it_mail.class
+++ b/it_mail.class
@@ -276,7 +276,8 @@ function send($p = array())
 foreach ($this->attachments as $attachment) {
- $text .= "\n--$boundary\nContent-Type: {$attachment['mimetype']}; name=\"{$attachment['name']}\"\nContent-Transfer-Encoding: base64\nContent-ID: <{$attachment['cid']}>\nContent-Disposition: {$attachment['disposition']}; filename=\"{$attachment['name']}\"\n\n";
+ $name = $this->header_escape($attachment['name']);
+ $text .= "\n--$boundary\nContent-Type: {$attachment['mimetype']}; name=\"$name\"\nContent-Transfer-Encoding: base64\nContent-ID: <{$attachment['cid']}>\nContent-Disposition: {$attachment['disposition']}; filename=\"$name\"\n\n";
 $text .= chunk_split(base64_encode($attachment['data']));
 } |
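Review bot: `header_escape()` is not visible in this hunk, so it is worth confirming that it also neutralises CR, LF and `"` in names that are plain ASCII; if it only encodes when non-ASCII bytes are present, a user-supplied name can still break out of the quoted `name=`/`filename=` parameter or start a new header line in the MIME part. A defensive form would strip those characters first, e.g. `$name = $this->header_escape(preg_replace('/[\r\n"]/', '', $attachment['name']));`. The neighbouring `mimetype`, `cid` and `disposition` values are still interpolated unescaped on the same line and deserve the same check if any of them can come from the caller's input. The body of `send()` starts and ends outside this hunk.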